Return-Path: Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id A5113C0051 for ; Mon, 24 Aug 2020 19:59:11 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 9440E8547B for ; Mon, 24 Aug 2020 19:59:11 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rLhVrcGAHWxd for ; Mon, 24 Aug 2020 19:59:10 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by whitealder.osuosl.org (Postfix) with ESMTPS id 4237A81F4D for ; Mon, 24 Aug 2020 19:59:10 +0000 (UTC) Received: from mail-ed1-f46.google.com (mail-ed1-f46.google.com [209.85.208.46]) (authenticated bits=0) (User authenticated as jlrubin@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 07OJx7S9004784 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for ; Mon, 24 Aug 2020 15:59:08 -0400 Received: by mail-ed1-f46.google.com with SMTP id di22so9188502edb.12 for ; Mon, 24 Aug 2020 12:59:08 -0700 (PDT) X-Gm-Message-State: AOAM532KCKqZegKMxfAS2tfSP0AgiPbq1UxDtslBopoXeP6grBR5PSVq ThTL8yfDTr+a1nldBCEeyy5fFjJKmFOSrNfc+/I= X-Google-Smtp-Source: ABdhPJyjS8cKZMDlhx4NOOCl29D6tnozkGRbb+NwzrEqgPi1nxkSQ/axaIYPr66MyiOScXT84HZEjdJCEQxLL5TDHA4= X-Received: by 2002:a05:6402:1b02:: with SMTP id by2mr4063009edb.95.1598299147748; Mon, 24 Aug 2020 12:59:07 -0700 (PDT) MIME-Version: 1.0 References: <27FE83C7-0269-4DEB-82E4-486FAFFA0DE5@voskuil.org> In-Reply-To: <27FE83C7-0269-4DEB-82E4-486FAFFA0DE5@voskuil.org> From: Jeremy Date: Mon, 24 Aug 2020 12:58:56 -0700 X-Gmail-Original-Message-ID: Message-ID: To: Eric Voskuil Content-Type: multipart/alternative; boundary="000000000000f24b6205ada504fa" Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Generalizing feature negotiation when new p2p connections are setup X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Aug 2020 19:59:11 -0000 --000000000000f24b6205ada504fa Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable > > > > > > > * >> On 8/21/20 5:17 PM, Jeremy wrote: >> As for an example of where you'= d > want multi-round, you could imagine a scenario where you have a feature A > which gets bugfixed by the introduction of feature B, and you don't want = to > expose that you support A unless you first negotiate B. Or if you can > negotiate B you should never expose A, but for old nodes you'll still do = it > if B is unknown to them. This seems to imply a security benefit (I can=E2= =80=99t > discern any other rationale for this complexity). It should be clear that > this is no more than trivially weak obfuscation and not worth complicatin= g > the protocol to achieve.* The benefit is not privacy oriented and I didn't intend to imply as such. The benefit is that you may only wish to expose functionality to peers which support some other set of features. For example, with wtxid relay, I might want to expose some additional functionality after establishing my peer supports it, that peers which do not have wtxid relay should not be allowed to use. The benefit over just exposing all functions is then a node might be programmed to support the new feature but not wtxid relay, which can lead to some incompatibilities. You cannot implement this logic as a purely post-hoc "advertise all and then figure out what is allowed" because then you require strict consistency between peers of that post-hoc feature availability implication map. --000000000000f24b6205ada504fa Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

>> On 8/21/20 5:17 PM, Jeremy wrote:
>> As for an example of where you'd want multi-round, you could i= magine a scenario where you have a feature A which gets bugfixed by the int= roduction of feature B, and you don't want to expose that you support A= unless you first negotiate B. Or if you can negotiate B you should never e= xpose A, but for old nodes you'll still do it if B is unknown to them.<= br>
This seems to imply a security benefit (I can=E2=80=99t discern any other r= ationale for this complexity). It should be clear that this is no more than= trivially weak obfuscation and not worth complicating the protocol to achi= eve.

The benefit is not privacy oriented and I didn't intend to im= ply as such. The benefit is that you may only wish to expose functionality = to peers which support some other set of features. For example, with wtxid = relay, I might want to expose some additional functionality after establish= ing my peer supports it, that peers which do not have wtxid relay should no= t be allowed to use. The benefit over just exposing all functions is then a= node might be programmed to support the new feature but not wtxid relay, w= hich can lead to some incompatibilities.

<= div dir=3D"auto">
You cannot implement t= his logic as a purely post-hoc "advertise all and then figure out what= is allowed" because then you require strict consistency between peers= of that post-hoc feature availability implication map.
--000000000000f24b6205ada504fa--